class UsersController < ApplicationController
  before_filter :login_required, :only => [ :edit, :update, :destroy ]
  observer      :user_observer

  # GET /users
  # GET /users.xml
  def index
    @users = User.find_all

    respond_to do |format|
      format.html # index.rhtml
      format.xml  { render :xml => @users.to_xml }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  def show
    @user = User.find params[:id]

    respond_to do |format|
      format.html # show.rhtml
      format.gif  { send_data @user.logo }
      format.xml  { render :xml => @user.to_xml }
    end
  end

  # GET /users/new
  def new
    @user = User.new
  end

  # GET /users/1;edit
  def edit
    @user = User.find(params[:id])
  end

  # POST /users
  # POST /users.xml
  def create
    @user = User.new(params[:user])

    respond_to do |format|
      if @user.save
        flash[:notice] = 'User was successfully created.'

        format.html { redirect_to user_url(@user) }
        format.xml  { head :created, :location => user_url(@user) }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors.to_xml }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  def update
    @user = User.find params[:id]

    respond_to do |format|
      if @user.update_attributes params[:user]
        flash[:notice] = 'User was successfully updated.'

        format.html { redirect_to user_url(@user) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors.to_xml }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    @user = User.find params[:id]
    @user.destroy

    respond_to do |format|
      format.html { redirect_to users_url }
      format.xml  { head :ok }
    end
  end

  def login
    if request.post?
      self.current_user = User.authenticate params[:username], params[:password]

      if logged_in?
        if params[:remember_me] == '1'
          current_user.update_attribute :remember_me_expires, 2.weeks.from_now
          current_user.update_attribute :remember_me_token,   User.encrypt(current_user.salt, current_user.email, current_user.remember_me_expires)

          cookies[:auth_token] = { :value => current_user.remember_me_token, :expires => current_user.remember_me_expires }
        end

        redirect_back_or_default
      else
        flash[:notice] = 'Invalid username / password'
      end
    end
  end

  def logout
    current_user.update_attribute :remember_me_expires, nil
    current_user.update_attribute :remember_me_token,   nil

    cookies.delete :auth_token

    reset_session
  end
end
